[apparmor] [Patch][parser] if a cache load fails, attempt to rebuild and load it

Tyler Hicks tyhicks at canonical.com
Mon Sep 22 23:34:03 UTC 2014 

On 2014-09-21 04:04:48, John Johansen wrote:
> On 09/19/2014 06:48 PM, Seth Arnold wrote:
> > On Fri, Sep 19, 2014 at 01:48:09PM -0700, John Johansen wrote:
> >> On 09/19/2014 12:37 PM, John Johansen wrote:
> >>
> >> fix: if the apparmor parser fails to load the cache try rebuilding
> >>
> >> v2. Change bail out condition, it should skip rebuilding the cache if the load succeed
> >>
> >> Signed-off-by: John Johansen <john.johansen at canonical.com>
> > 
> > Some quibbles on this one... First, the variable name makes a lot more
> > sense to me than the command line option -- I'd rather the command line
> > option match, "skip-rebuild-bad-cache" or "skip-rebuild-on-bad-cache".
> > Second, the --help isn't updated yet.
> > 
> > But I think the logic works alright.
> > 
> How's this
> 
> fix: if the apparmor parser fails to load the cache try rebuilding
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
>  apparmor/2.9-new/parser/parser_main.c |    9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> --- jj.orig/apparmor/2.9-new/parser/parser_main.c
> +++ jj/apparmor/2.9-new/parser/parser_main.c
> @@ -75,6 +75,7 @@
>  int preprocess_only = 0;
>  int skip_mode_force = 0;
>  int abort_on_error = 0;			/* stop processing profiles if error */
> +int skip_bad_cache_rebuild = 0;
>  struct timespec mru_tstamp;
>  
>  #define FEATURES_STRING_SIZE 8192
> @@ -125,6 +126,7 @@
>  	{"Optimize",		1, 0, 'O'},
>  	{"preprocess",		0, 0, 'p'},
>  	{"abort-on-error",	0, 0, 132},	/* no short option */
> +	{"skip-bad-cache-rebuild",	0, 0, 133},	/* no short option */
>  	{NULL, 0, 0, 0},
>  };
>  
> @@ -175,6 +177,7 @@
>  	       "-O [n], --Optimize	Control dfa optimizations\n"
>  	       "-h [cmd], --help[=cmd]  Display this text or info about cmd\n"
>  	       "--abort-on-error	Abort processing of profiles on first error\n"
> +	       "--skip-bad-cache-rebuild Do not try rebuilding the cache if it is rejected by the kernel\n"

Please update the man page, too.

Tyler

>  	       ,command);
>  }
>  
> @@ -416,6 +419,9 @@
>  	case 132:
>  		abort_on_error = 1;
>  		break;
> +	case 133:
> +		skip_bad_cache_rebuild = 1;
> +		break;
>  	case 'L':
>  		cacheloc = strdup(optarg);
>  		break;
> @@ -938,7 +944,8 @@
>  			if (show_cache)
>  				PERROR("Cache hit: %s\n", cachename);
>  			retval = process_binary(option, cachename);
> -			goto out;
> +			if (!retval || skip_bad_cache_rebuild)
> +				goto out;
>  		}
>  		if (write_cache) {
>  			/* Otherwise, set up to save a cached copy */
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140922/83706398/attachment.pgp>

More information about the AppArmor mailing list